With the increasing demand from consumers and businesses for faster and cheaper Internet access along with a decreasing cost of computers and an expansion of technology around the world, a threat of distributed denial of service (DDoS) attacks is growing considerably on a daily basis. What was once considered a denial of service (DOS) attack on the Internet back in year 1999 could easily be overshadowed by the amount of noise of today's high-speed Internet. Even more dangerous than DOS attacks are distributed DDoS attacks. DDoS attacks are more malicious since an attack on a targeted element may originate from several sources simultaneously. The objective is to flood the targeted element with malicious or invalid packets to achieve the same goal as discussed above for an ordinary DoS attack. The targeted element becomes overwhelmed with malicious or invalid packets to the point where it ceases operation or goes into an initialization phase. As more and more appliances become IP-enabled, a possibility of those appliances becoming originators of malicious DDoS packets is a reality. In the near future, the possibility of 10-20 Gigabits DDoS attacks may be approaching.
A problem with DDoS attacks is the unknown factor, how much and where from. DDoS attacks can start from any network and adapt as fast as the perpetrator wants them to. Internet service providers, which shall be referred to as service providers, have been slow to launch costly network-based infrastructure, and more nimble companies are limited to the bandwidth of their Internet connections. However, service providers have a strong need to protect their customers from DDoS attacks.
Some businesses already offer a distributed network-based DDoS detection system such as Arbor Networks of Lexington, Mass., Narus of Mountain View, Calif., and the InMon Corporation of San Francisco, Calif. However, their systems are tailored to a per-customer or other limited arrangement. Their systems cannot be deployed on a large scalable multi-customer basis across a large network.
A solution is needed to allow service providers to provide scalable DDoS detection services for individual customers without adding numerous expensive hardware. A solution is also needed that would allow a third-party DDoS mitigation provider to provide a DDoS mitigation service to customers regardless of the customers' association with an Internet service provider. The mitigation provider can negotiate Internet access with the service providers and provide mitigation services to a customer that has an immediate need for DDoS services.